Marriot WiFi Jamming: Not Quite As Bad As It Sounds

Oct 09, 2014

Anybody who resents the high prices hotels charge for wifi might roll their eyes at the 'explanation' from Marriot but they were protecting their guests. The real question is at what cost?

Last week an FCC filing stated that the Marriott Gaylord Opryland Hotel and Convention Center deliberately used Wi-Fi jamming tactics that made it impossible for guests to use their own personal hotspots. This left Marriott's paid Wi-Fi as the only available (and very expensive) option. On Friday the hotel agreed to pay a $600,000 penalty and stop any signal-blocking activities.

It seems like a pretty clear case of greed but there are some subtleties to it. Despite the wording of reports what the hotel did not meet the standard FCC definition of “jamming”:

Generally, “jammers” — which are also commonly called signal blockers, GPS jammers, cell phone jammers, text blockers, etc. — are illegal radio frequency transmitters that are designed to block, jam, or otherwise interfere with authorized radio communications.

More specifically:

Jamming technology generally does not discriminate between desirable and undesirable communications. A jammer can block all radio communications on any device that operates on radio frequencies within its range (i.e., within a certain radius of the jammer) by emitting radio frequency waves that prevent the targeted device from establishing or maintaining a connection.

http://transition.fcc.gov/eb/jammerenforcement/jamfaq.pdf

Instead the hotel used a feature built into their own Wi-Fi system to interfere with outside signals. When activated it sends de-authentication packets to any Wi-Fi Internet access points (like mobile HotSpots) that are not part of Marriott’s official network. The wording of the FCC filing says:

Marriott operates a Wi-Fi monitoring system manufactured by a third party that was installed at the Gaylord Opryland. Among other features, the system includes a containment capability that, when activated, will cause the sending of de-authentication packets to Wi-Fi Internet access points that are not part of Marriott’s Wi-Fi system or authorized by Marriott and that Marriott has classified as “rogue”.

FCC Enforcement Bureau Chief Travis LeBlanc added the following:

"It is unacceptable for any hotel to intentionally disable personal hotspots while also charging customers and small businesses high fees to use the hotel's own Wi-Fi network. This practice puts customers in the untenable position of either paying twice for the same service or forgoing Internet access altogether.”

The hotel of course has a different opinion. A rep reportedly explained that they were trying to protect their guests from "rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft.”

Who’s right?

Using their technology to disable the use of a properly secured personal hotspot is unfair, inappropriate and, according to the filing, illegal. Guests that want to use their own hotspots should not be forced to pay much higher prices to use wifi offered by the hotel.

At the same time the hotel was almost certainly protecting guests from perils such as “evil twin” attacks. These involve perpetrators that set up an open network that looks real (by giving it an official sounding name) and then snooping on the information that flows across it.

Unless they are using some kind of VPN a guest that gets tricked into thinking the evil twin is a real network does face very real risks (including identity theft). It’s very dangerous, and the hotel was indeed providing protection.

The problem was the cost of that protection. To protect against the possible threat of evil twin attacks the hotel certainly punished countless guests that wanted to use their own secure hotspots. The cost can be argued to have outweighed the benefit, and the fact that it was ultimately so profitable for the hotel makes it seem like their motives were entirely selfish.

With some discretion they could have provided meaningful protection without punishing guests by crippling their hotspots. The filing says that the hotel could send 'de-authentication packets to Wi-Fi Internet access points… that Marriott has classified as “rogue”'. That means that they could have selectively disabled any access points that appeared to be evil twins. This would have protected the guests susceptible to such attacks, without disturbing guests using their personal hotspots.